OK, one of the problems with JavaScript is that it executes in your browser. On your machine. And it is therefore not to be trusted.

The latest example is when crackers bought adverts on the Gizmodo site. The ads came with scripting to try to persuade users that something nasty was on their machine, and therefore to go download some malware from their (the crackers') site.